Feature Request - Install application

Azure Intune
I’d like to request a feature of the plugin, that its able to install / remove software.
The use case is that we’d like to roll out the rapid7 agents onto machines that are in control of microsoft intune.

Is this possible?

@phil_pearce We do have some active development on the Intune plugin; however, I’m going to follow up with the team to see if we have Install Software in our plans.

Also, a while back some instructions were put together on how Microsoft Intune can be used for managing the installation of the Rapid7 agent. These might be a tad out of date but the steps give the general process necessary to create an App with devices targeted to install from the agent:

  1. Download Insight Agent for use with Token-based installation: https://insightagent.help.rapid7.com/docs/using-a-token#section-generating-a-token
  2. Create a Line-of-Business (LOB) App in Azure Intune:
    1. Home > Microsoft Intune > Client Apps > Apps
    2. Select “Add” at the top of Client Apps section
    3. Add App:
      1. Type: Line-of-business app
      2. App package file: agentInstaller-x86_64.msi (previously downloaded agent installer from step 1 above)
      3. App information:
        1. Description: Rapid7 Insight Agent
        2. Publisher: Rapid7
        3. Ignore app version: Yes
        4. Command-line arguments to include and then “Add”:
/l*v C:\Windows\Logs\insight_agent_install.log CUSTOMCONFIGPATH=C:\Windows\Temp\ CUSTOMTOKEN=<Token> /qn`

## Replace CUSTOMTOKEN value with that from the Rapid7 platform
## CUSTOMCONFIGPATH is where certificate files are located
## The log created by the installer is located in Windows\Logs directory for troubleshooting/support
  1. Update previously created line-of-business app
    1. Manage > Assignments
    2. Select “Add group”
      1. Assignment Type: Required
      2. Included Groups: Select specific groups to install agent OR “Make this app required on all devices” set to Yes
    3. Save modifications

After setting this up, the agent should then be installed to whatever devices that were scoped by the “Included Groups” setting. These steps assume the devices targeted for installing the Insight Agent are already being managed by Azure Intune as MDM devices.